AthTek Blog » network administrator

Differences Between Real-Time Traffic Analysis And Packet Analysis in AthTek NetWalk

AthTek — Wed, 29 Apr 2015 10:07:47 +0000

[PDF] AthTek NetWalk supports both real-time and postmortem analysis. Do you know what the differences are? Most of time, real-time and postmortem analysis shares the same template to analyze the traffic data. Real-time traffic analysis shows dynamic trends of the entire network, while postmortem traffic analysis shows exactly what has happened in this network. In this article, you will read the main differences between real-time traffic analysis and packet analysis in AthTek NetWalk.

1. Overview.
In Overview section, real-time traffic shows current bandwidth usage and accumulated traffic data. But if you opened a captured packet in AthTek NetWalk, you will see fixed values of the network traffic and these values tell you exactly what has happened during the capturing period.

2. Packets.
When you opened a captured file in AthTek NetWalk, you will see a new tab named “Packets” created on left. Real-time traffic analysis doesn’t support Packets tab. In Packets tab, network administrators can read all the communication details including requested IP addresses, ports, protocol, etc. If a common packet analyzer enables network administrator to see a naked data, AthTek NetWalk enables users to see a reliable anatomical traffic data through detail and hex view tool.

3. Layered View.
There are 3 layers in Layered View section: Application, Net&Transport and Physical. A significant different is, you can see communication flows in postmortem packet analysis.

4. Events Tab.
In Events tab, network administrator can jump to the communication flow when it is a postmortem packet analysis.

5. Matrix Map.
In Matrix Map, real-time analysis only marks active connections in green, while postmortem analysis marks all successful connections in green.

In short, postmortem analysis enables network administrators to see all communication details happened on the network. All you need to do is to capture packets and open the captured file in AthTek NetWalk.

$50 OFF to Buy AthTek NetWalk Enterprise License

AthTek — Mon, 20 Apr 2015 07:08:00 +0000

Good news to enterprise network administrators: AthTek opens a new special offer for AthTek NetWalk Enterprise License. Anyone who buys AthTek NetWalk Enterprise License will get $50 OFF each license. Buyers will find that $50 have been discounted automatically from the payment. If you are looking for a comprehensive network monitoring and packet sniffing tool, this is exactly the one you should never miss. For more information visit korucaredoula .

Buy AthTek NetWalk Enterprise License in Special Offer

AthTek NetWalk is a super network analyzer for network administrators. It monitors the real-time data traffic on the network, and leads them to the professional analyzer to generate network traffic analyzing charts. Multi-protocols enables you to know every detail about your network within different layers, including Application Layer, Transport Layer and Physical Layer. It is good at packet sniffing and enables to analyze the real-time packet by built-in Wireshark. All the captured traffic data can be saved as trace files for further use. And by using the Matrix Map, you can see all the connections directly.

How to Monitor and Analyze Real-time Network Traffic

AthTek — Wed, 21 Jan 2015 06:34:48 +0000

[PDF] Real-time network traffic monitoring and analysis are two core works to most enterprise network administrators. However, most administrators soon give up on network monitoring. This is because they find collecting network traffic complicated. Even if they manage to capture network conversations they find it challenging to analyze the raw data in a meaningful way. In this article, you will read how to monitor and analyze real-time network traffic by the great network monitoring software– AthTek NetWalk. If you have no idea about this software, please download and install the free personal edition for a quick view.

When you open AthTek NetWalk for the first time, you will be asked to choose an internet adapter of your network. You can also switch to another one in program’s toolbar. After then the real-time network traffic will be displayed in some dynamic diagrams in AthTek NetWalk. Acquiescently you will see some raw data in real-time such as top hosts and bandwidth utilization. You can customize these real-time dynamic diagrams as you need. If you don’t need to do further troubleshooting, these dynamic diagrams could be a network analytic report for real-time network monitoring, and if you want to monitor real time computer activity, did you know that you can also monitor PC activity where staff are working remotely? It’s a great tool so very much worth looking into if you have remote workers and need to monitor more than just the network activity.

For more network analysis details, please click to access the second tab– Layered View. In this tab you can see the detailed network monitoring data in Application, Net&Transport and Physical layers. All the internet requests will be disclosed completely and displayed in groups.

Click to access the third tab and you will see all the events happened during network monitoring. Blue ball stands for TCP Connection Slow Setup. Yellow ball stands for TCP Out of Order. Orange ball stands for TCP Retransmission. Red ball stands for TCP Important Errors. Right click on any of the records, and then network administrator can jump to the Net&Transport layer for troubleshooting.

Click on the fourth tab and you can see the real-time matrix map of your network. You can choose to display the Matrix Map on IP/Domain or MAC address basis. Green line stands for real-time activate connection and blue line stands for historical connection. Like in Events tab, double click on any of the addresses network administrator can jump to the Net&Transport layer for troubleshooting.

Click on the last tab, you will see the real-time traffic in dynamic area chart, curve chart, bar chart or pie chart.

Tutorial: How to Customize the Monitor Interface of AthTek NetWalk

AthTek — Fri, 13 Jun 2014 16:02:57 +0000

[PDF] When you open AthTek NetWalk, you will see the impressive graphic monitor interface which displays the current network traffic statistics. Some network administrators love AthTek NetWalk because of the graphic monitor interface. Do you know that you can customize the graphic monitor interface as you need? In the following post, you will read how to customize the graphic monitor interface easily.

In default monitor interface of AthTek NetWalk, there are 6 components in 3 rows. They are Monitor Dashboard, Layered Summary, Top MAC Hosts, Top IP Hosts, Graph – Current Utilization and Packet Size Distribution. You can find some general options by clicking the drop-down arrow on top left corner of each component. There are many other components you can add to the monitor interface. You can also choose the place where you want to display the component. Now let’s getting started to customize the monitor interface of AthTek NetWalk!

1. How to delete the component?
Click the drop-down arrow and you will see the delete option. For example, you want to delete the option of Top IP Hosts. You can click the drop-down arrow of Top IP Hosts component and choose Delete option, and then the component will be deleted from monitor interface. Particularly, you can also switch the graph from pie chart to host list.

2. How to add a new component to monitor interface?
Click “Add” on top right of monitor interface and then you will see the “Add Component” window. There are 8 types of components which you can add to the monitor interface. If you choose to add a graph, you will be asked to choose a graph type from 9 graph types. For example, you want to add a Monitor Packet Trend to 2nd row and 2nd column. Click “Add” on top right corner and choose Monitor Packet Trend in type, choose 2 in row and column. Press OK to add.

3. What components can you add to the monitor interface?

Component Type	Introduction
Monitor Dashboard	The dashboard of real-time utilization, packet and event.
Monitor Packet Trend	The packet trend every 20 seconds in monitoring.
Monitor Utilization Trend	The utilization trend every 20 seconds in monitoring.
Monitor Event Trend	The event trend every 20 seconds in monitoring.
Top MAC Hosts	Top 10 active MAC addresses.
Top IP Hosts	Top 10 active IP addresses.
Layered Summary	The traffic summary of application, network and physical layers.
Graph	Including current utilization, application layer protocols packets, ping requests and replies, TCP SYNs/FINs/RSTs, TCP vs UDP, ARP requests and replies, broadcasts multicasts vs total, DNS successful queries vs failed queries, packet size distribution.

2014 Special Offer: $200 OFF for AthTek NetWalk at monitor-tool.com

AthTek — Tue, 03 Jun 2014 14:12:17 +0000

Thank you for all the concern about our previous special offer– $396 off for AthTek WebXone. We have just launched the new special offer in June: anyone who buy a lifetime license for AthTek NetWalk Enterprise Edition will save up to $200 each license. Buyers only need to go to monitor-tool.com (the product website for AthTek NetWalk) and will see the discount link on home page. This special offer will expire at June 30, 2014. If you are looking for a comprehensive packet sniffing program for your enterprise network management, AthTek NetWalk Enterprise Edition is the best choice we highly recommend!

Go to monitor-tool.com to Get $200 Off Discount Now!

AthTek NetWalk is a comprehensive network monitoring tool which can be used as intrusion detection system (NIDS) for business networking. It captures packets and achieves high performance in packet sniffing. AthTek NetWalk learns from many pop packet sniffing tool, and optimized the way of network monitoring. It takes the entire network traffic under control, and generate the network status report by visible diagrams.

There are a lot of small business who highly depend on network, but they cannot afford the high prices of other packet sniffers. AthTek NetWalk is a better choice which has higher packet sniffing performance but low cost. You can view the compare of packet sniffers and network monitoring tools at HERE.

Detect, Diagnose and Resolve Network Performance Problems in Holidays

AthTek — Mon, 23 Dec 2013 08:46:20 +0000

[PDF] Christmas is coming soon! Christmas is the most important festival for business owners. If they provide products or service through a web store, the website will get a great traffic growth during the holidays. Generally, business owners will earn a lot of money in Christmas. But if the website or the intranet crashes in Christmas, you will suffer a great loss in and after Christmas. It is very important that to resolve any network performance problem before outages occur. A good network performance can not only bring considerable income, but also a good impression to your customers. You’d better detect, diagnose and resolve network performance problems before Christmas.

AthTek NetWalk Enterprise Edition is a comprehensive network monitor which can detect, diagnose and resolve network performance problems safely. It doesn’t like many other network monitor tool, AthTek NetWalk has a graphical interface which is integration of various network monitoring reports. You can find many key items in network management in the interface. All these diagrams are flexible and customizable. With this detailed network traffic report, you can easily know the traffic status of your network. In one word, AthTek NetWalk Enterprise Edition is exactly the software for business owners to detect, diagnose and resolve network performance problems. It will guarantee the income and the brand promotion.

With AthTek NetWalk Enterprise Edition, you can provide a stable web service to your customers and employees. Besides, we also prepared some Christmas gifts for you. The first Christmas gift is, you can get AthTek NetWalk Enterprise Edition with a $200 OFF price in our holiday deals 2014. It’s our final special offer in 2013. The second Christmas gift is, you can get at least a $40 Amazon gift card in our holiday deals 2014. And as always, Merry Christmas and Happy New Year!

How to Generate a Bandwidth Utilization Graph for Specific Host in AthTek NetWalk?

AthTek — Wed, 09 Oct 2013 13:30:59 +0000

[PDF] Bandwidth utilization is a well-known, but not a well-understood network statistic. Bandwidth utilization is one of the most basic and one of the most critical statistics available in a network analyzer. It shows the current traffic levels on the segment or link, compared to the theoretical maximum. Network administrators often want to know bandwidth utilization either as a percentage of available or a bitrate. Bandwidth has more chaotic transitions than CPU. It isn’t an simple work to know the traffic on specific host. But if you have AthTek NetWalk installed on your enterprise network, you will be able to generate a bandwidth utilization graph for specific host effortlessly.

First of all, you need to add the host to AthTek NetWalk. Open AthTek NetWalk and go to Tools – > Options… -> Sites, you will see a list of hosts under monitoring. Simply click Add to add new host to the list, and you would be able to view the bandwidth utilization graph for this host in [Layered View] -> [Net&Transport].

You can add multiple hosts to AthTek NetWalk and generate the bandwidth utilization graph in different kinds of charts. If it was a postmortem analysis of captured packets, you can even view the conversation contents in traffic flows and active hosts in matrix map.

Matrix Map

How to use AthTek NetWalk to troubleshoot ARP Attacks?

Tony — Thu, 01 Aug 2013 14:24:37 +0000

How to use AthTek NetWalk to troubleshoot ARP Attacks?

AthTek NetWalk is a specialist that can help Network administrators to monitor and manage the Network. Once ARP attacks happen to the network, AthTek NetWalk provides services which can locate ARP source rapidly and reliably, thus ensuring normal network operations.

By monitoring every event through the network or analyzing packets captured experienced administrators can Diagnosis the problem.

However AthTek NetWalk can help you do that with its intelligent analyzing systems.

Different marks mean the different severity of events.

There are some suggestions of mine about troubleshooting.

Firstly，pay special attention to the value of ARP Request and ARP Response which should be above 1:1generally.

Also the Physical Endpoints we can view from AthTek NetWalk will show the correlation of MAC address and IP address. Most of the conditions one MAC address shall have only one IP address corresponding to .If one MAC address has multiple IP addresses to, there are several conditions such as the host with the MAC address is the gateway Or ARP attack. And through AthTek NetWalk, we can locate ARP attack.

AthTek NetWalk can draw a matrix which will show the information between those hosts in the network in that people will be able to identify doubtful conditions as quick as possible.

Why and how to bind IP and Mac?

Tony — Mon, 29 Jul 2013 14:45:42 +0000

Why and how to bind IP with Mac?

DHCP assigns IP address to each device randomly. Therefore, as a network administrator, you need to avoid the IP address of the host from changing and result in unable to filter, manage bandwidth for the packets. Administrators must configure Bind IP to MAC to assure the management. Once the IP address and MAC address are bound for a computer, the router can obtain the specified IP address according to the rules in IP

Bind List after identifying MAC address of a computer. Thus, effective management and control can be reached in network easily.

So, how to bind IP to Mac?

If your firewall/router is also your DHCP serve and it allows you to reserve IP addresses based on MAC address, you will need to configure it to do so. The method varies by brand (Linksys/D-Link/Netgear/Cisco and a thousand others) so you may need to consult the web or the manual.

Now a small tool can figure it work which is called IP-MAC scanner.

You can download and install it from here free.

Firstly, open the software and click “scan” button.
Secondly, choose the IP addresses that you intend to bind with MAC and add them to the database.
Thirdly, change to the database tab and select the IP and MAC addresses.
At last, right-click and choose “generate IP-MAC binding” item.

Is it easy? See more-http://www.athtek.com/ip-mac-scanner.html

Further set your filter with visual logic diagram rather than type complicated codes. Part 2.

Tony — Wed, 24 Jul 2013 15:33:43 +0000

Further set your filter with visual logic diagram rather than type complicated codes.

We have discussed the meaning of capturing packets and the significance of setting filters in last my tutorial about filter setting.

Before you starting to capture packets, you need to set your filter to make sure you capture the packets you want. Setting up the filter simply by IP addressed, ports and protocols can meet most of your demands. However, sometimes you are working in a huge Network where there are thousands of computers and you want to analyze some doubtful packets from a certain IP. You may need to set a certain port number or protocol type at the same time. Simple setting is not capable of accomplishing such kind of task.

In this case, the multiple combinations of several kinds of restrictions are needed. If you are using tool like Wireshark, you may need to have well knowledge of Wireshark codes and grammars so that you could set its filter. AthTek NetWalk is an excellent network monitor tool which has aggregated the whole functions of Wireshark for both of new or professional administrators.

When you open the setting window of filter (tools next filter manager) and create a new filter, AthTek NetWalk will show you a visual logic diagram including “And”, “Or” and “Not”.

For example, capturing packets from IP “192.168.1.X” which is sent through protocol IPv4 or IPv6:

Click the “+” button to create a new filter:
Organize restrictions in the diagram. Add “And” and “Or” properly:
Add “And”
Add “Or”:
Add more restrictions to set more details including Flow, Pattern, Value, Length and Error.

It is convenient for you to set your filter and show your logic in a simple and clear way which can enhance the accuracy and efficiency meanwhile.

More questions please visit our website:http://www.athtek.com/netwalk.html